refactor: remove hardcoded oauth2 client for demo app

README.md

@@ -0,0 +1,16 @@
+# Auth server
+
+## Run the demo
+
+Execute command : 
+```bash
+docker compose up
+```
+will run all required services.
+
+Next command : 
+```bash
+task create-demo-client
+```
+
+Now, you can open http://localhost:3000

Taskfile.yaml

@@ -33,3 +33,15 @@ tasks:
     -p packageVersion=latest 
     -p isGoSubmodule=true 
     -p packageName=authclient
+  create-demo-client:
+    vars:
+      CLIENT_ID:
+        sh: >
+          curl -X POST 'http://localhost:8080/clients' 
+          -H 'Content-Type: application/json' 
+          -d '{"public": true, "name": "demo", "postLogoutRedirectUris": ["http://localhost:3000/"], "redirectUris": ["http://localhost:3000/auth-callback"]}'|jq -r .data.id
+    preconditions:
+    - sh: '[ "{{.CLIENT_ID}}" != "null" ]'
+    cmds:
+    - |
+      echo export const REACT_APP_CLIENT_ID=\'{{.CLIENT_ID}}\' > demo/src/config.js

cmd/serve.go

@@ -7,19 +7,14 @@ import (
 	"errors"
 	"fmt"
 
-	auth "github.com/numary/auth/pkg"
 	"github.com/numary/auth/pkg/api"
 	"github.com/numary/auth/pkg/delegatedauth"
 	"github.com/numary/auth/pkg/storage"
 	"github.com/numary/go-libs/sharedlogging"
 	"github.com/numary/go-libs/sharedotlp/pkg/sharedotlptraces"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"github.com/zitadel/oidc/pkg/oidc"
-	"github.com/zitadel/oidc/pkg/op"
 	"go.uber.org/fx"
-	"gorm.io/gorm"
-	"gorm.io/gorm/clause"
 )
 
 const (
@@ -82,45 +77,6 @@ var serveCmd = &cobra.Command{
 			fx.Invoke(func() {
 				sharedlogging.Infof("App started.")
 			}),
-			fx.Invoke(func(lc fx.Lifecycle, db *gorm.DB) {
-				lc.Append(fx.Hook{
-					OnStart: func(ctx context.Context) error {
-						client := &auth.Client{
-							Id: "demo",
-							RedirectURIs: auth.Array[string]{
-								"http://localhost:3000/auth-callback",
-							},
-							ApplicationType: op.ApplicationTypeWeb,
-							AuthMethod:      oidc.AuthMethodNone,
-							ResponseTypes:   []oidc.ResponseType{oidc.ResponseTypeCode},
-							GrantTypes: []oidc.GrantType{
-								oidc.GrantTypeCode,
-								oidc.GrantTypeRefreshToken,
-								oidc.GrantTypeClientCredentials,
-							},
-							AccessTokenType:        op.AccessTokenTypeJWT,
-							PostLogoutRedirectUris: auth.Array[string]{"http://localhost:3000/"},
-						}
-						secret, _ := client.GenerateNewSecretWithClear("default", "1234")
-						return db.
-							WithContext(ctx).
-							Clauses(clause.OnConflict{
-								Columns: []clause.Column{{Name: "id"}},
-								DoUpdates: clause.Assignments(map[string]interface{}{
-									"grant_types": auth.Array[oidc.GrantType]{
-										oidc.GrantTypeCode,
-										oidc.GrantTypeRefreshToken,
-										oidc.GrantTypeClientCredentials,
-									},
-									"post_logout_redirect_uris": `["http://localhost:3000/"]`,
-									"access_token_type":         op.AccessTokenTypeJWT,
-									"secrets":                   fmt.Sprintf(`[{"hash": "%s"}]`, secret.Hash),
-								}),
-							}).
-							Create(client).Error
-					},
-				})
-			}),
 			fx.NopLogger,
 		)
 		err = app.Start(cmd.Context())

demo/src/.gitignore

@@ -0,0 +1 @@
+config.js

demo/src/index.js

@@ -4,9 +4,10 @@ import './index.css';
 import reportWebVitals from './reportWebVitals';
 import {OidcProvider, OidcSecure} from "@axa-fr/react-oidc";
 import {Info} from "./Info";
+import {REACT_APP_CLIENT_ID} from "./config";
 
 const configuration = {
-    client_id: 'demo',
+    client_id: REACT_APP_CLIENT_ID,
     redirect_uri: 'http://localhost:3000/auth-callback',
     silent_redirect_uri: 'http://localhost:3000/silent-auth-callback',
     scope: 'openid offline_access email',

pkg/client.go

@@ -3,7 +3,6 @@ package auth
 import (
 	"crypto/sha256"
 	"encoding/base64"
-	"fmt"
 	"time"
 
 	"github.com/google/uuid"
@@ -27,14 +26,11 @@ type ClientSecret struct {
 }
 
 func (s ClientSecret) Check(clear string) bool {
-	fmt.Println("check secret", clear, s.Hash, newHash(clear))
 	return s.Hash == newHash(clear)
 }
 
-func newSecret(name, clear string) (ClientSecret, string) {
-	if clear == "" {
-		clear = uuid.NewString()
-	}
+func newSecret(name string) (ClientSecret, string) {
+	clear := uuid.NewString()
 	return ClientSecret{
 		ID:         uuid.NewString(),
 		Hash:       newHash(clear),
@@ -58,7 +54,7 @@ type Client struct {
 	PostLogoutRedirectUris         Array[string] `gorm:"type:text"`
 	Scopes                         []Scope       `gorm:"many2many:client_scopes;"`
 	Description                    string
-	Name                           string
+	Name                           string `gorm:"unique"`
 }
 
 func (c *Client) Update(opts ClientOptions) {
@@ -78,14 +74,7 @@ func (c *Client) Update(opts ClientOptions) {
 }
 
 func (c *Client) GenerateNewSecret(name string) (ClientSecret, string) {
-	secret, clear := newSecret(name, "")
-	c.Secrets = append(c.Secrets, secret)
-
-	return secret, clear
-}
-
-func (c *Client) GenerateNewSecretWithClear(name, clear string) (ClientSecret, string) {
-	secret, clear := newSecret(name, clear)
+	secret, clear := newSecret(name)
 	c.Secrets = append(c.Secrets, secret)
 
 	return secret, clear